How do confidential information data breach incidents impact healthcare users?
If your local clinic was hacked, and they had your information for ransom in ransomware, how does that affect you personally? What can you do to help yourself and counteract the most common forms of cybersecurity threats?
We often refer to healthcare data as electronic protected health information (ePHI) or personally identifiable information.
However, ePHI breaches don’t impact health information exclusively. Such breaches often give hackers access to other data such as addresses, social security numbers, insurance information, employment affiliations, and more.
Once such information is exposed, it’s often published on the dark web, where anyone can download complete lists from disclosures by different entities and use them to set up rogue accounts under your name that you’re completely unaware of.
There have been instances in ThinkSecureNet’s practice when young people who have never filed for credit or applied for credit cards or other financial instruments suddenly find out that they have horrible scores. That’s because their identity had been stolen years ago before they were even of age and capable of filling out this information.
What Can You Do to Protect Yourself?
1. Ask Questions
The most basic thing you can do to protect yourself and your family is to hold the organizations you do business with accountable for how they handle your data, especially if your information is out in the public domain.
For instance, if you have your DNA tested and the results are then published on, say, ancestry.com, there are chances that your information can be held against you and even impact your employment.
If you smoke or are categorized as obese, organizations may not want to hire you because many entities now have their insurance premiums measured by their employees’ consumption of healthcare services. Alternatively, if you sought out behavioral services for drug, alcohol, or substance abuse, this too could be detrimental to your employability.
The easiest way to hold organizations accountable is to ask questions. Approach your caregiver and healthcare staff and ask them how your information is being protected.
Do they perform annual security risk assessments? What are they doing with your data? How are they storing it? Is your data shared with other entities? How are they securing or limiting access to that data? How are they protecting themselves from ransomware viruses? Do they have a solid ransomware recovery plan?
2. Check for Third-Party Business Associate Agreements
Furthermore, every healthcare entity that does business with third parties is required to have a business associate (BA) agreement. This ensures that third parties can access your health information in the performance of their duties. It also means they have an obligation to maintain your data in the same way your healthcare entity does.
That’s still something that’s overlooked. Big organizations will always have those things in place and generally do a good job of diligence. But smaller organizations such as cleaning service providers often won’t even have a BA agreement.
3. Look Up Your Provider in the HHS Breach Portal
The good thing about ePHI is that organizations are required to notify you in the event of a disclosure situation.
Even if you haven’t received a notification because you’ve changed your address or for some other reason, you can always go to the HHS Breach Portal and check all known entities that have had disclosures or data breach incidents. There, you can find each organization’s name and address, as well as the type and impact of the disclosure.
You can use the Breach Portal to look up your healthcare provider and determine whether the organization you’re entrusting with your health and health records is performing at an appropriate level.
4. Do Credit and Account Monitoring in Real Time
Everyone these days should be using some form of real-time credit and account monitoring. With identity theft at the level that it is, it’s likely that you will experience some form of identity theft at least once in your life.
Being Proactive Is Key to Protecting Your Information
Engaging and holding your practitioners accountable will probably take care of most of your health information security needs. Of course, you won’t be able to instruct organizations to use specific tools. However, when clients educate themselves about security risks and become far more selective in whom they trust with their information, providers begin to listen.